1. Technical Field of the Invention
The present invention relates in general to the session initiation protocol (SIP), and in particular, to suppressing malicious clients that use the SIP resource priority header within SIP messages.
2. Description of Related Art
In Internet Protocol (IP) based networks, a single client device can inject a large number of new call/session attempts into the network in rapid order. For example, a session initiation protocol (SIP) client can transmit numerous successive SIP INVITE messages into the network. The ability of a SIP client to flood the network with SIP INVITE messages can be seen as a potential attack on the network to cause denial of service to other subscribers. This denial of service can be further amplified by the inclusion of a Resource Priority Header (RPH) in the SIP INVITE message.
The RPH is an optional parameter that can be included in the SIP INVITE message either by the originating SIP device or a subsequent node. The purpose of the RPH is to indicate to the network that the particular call/session request should be given priority when the network is in congestion and cannot support all of the requests for service. For example, during times of congestion caused by a crisis situation, first responders and other government personnel need to be successful in establishing calls/sessions. To ensure rapid and certain connection of calls/sessions initiated by emergency personnel, the RPH can be added to the SIP INVITE messages.
Priority calls/session requests are normally validated prior to the establishment of the call/session. For example, a SIP INVITE message that includes a RPH is typically routed to a SIP authentication and authorization node in the network where the originating SIP user agent client is authenticated, and authorization for such a priority call/session is confirmed.
Unfortunately, the authentication process provides malicious clients with the opportunity to exploit the limited resources of the network by inserting a “denial of service” attack. For example, a flood of SIP INVITE messages with false RPH parameters can overwhelm the authorization and authentication function for RPH within the network. The flooding of the access network with false RPH parameters diminishes the limited capacity of the authentication and authorization nodes to handle “real” priority calls/sessions from authorized users. The excess traffic caused by the false priority requests blocks a portion of the valid requests roughly in proportion to the percentage of “real” verses “false” attempts. Although the false attempts will eventually fail to be authenticated, the damage caused by the false attempts effectively blocking legitimate priority call/session attempts may prevent emergency personnel from effectively doing their job, thereby harming the public.